VS 2008 Securing And Maintaining With Mostly Web Services?
Mar 1, 2011
I'm going to launch a page - that will persist for a really long time using - using ASP.Net.
Page will have very little controls - will using jQuery ajax calls to build up and fill in the DOM for maintaining data in the backend DB.
How do I maintain who I am with the web service?
I'm used to pages that mostly use asp.net membership / session vbl stuff to maintain state.
That's not going to fly with why I'm doing here.
And I guess that also starts into "how do I secure this web service"?
View 7 Replies
Similar Messages:
Oct 18, 2010
my team is building a game in flash to be embeded in a asp.net application.
When the game is over the player have the chance to type his name to save his score. This is done using web services called from flash. The webservice receives the name and score.
Since the webservice is publicly available how can I make it only callable from my flash given the following conditions:
The .swf is hosted by the same asp.net application There are two domains that can access the same application (I have run previously into cross domain issues). Using SSL is not an option. The webservice has to be consumed by the .swf file.
View 1 Replies
Sep 25, 2011
I do have before a web server w/c is aspx. its like an online game panel w/c players do shop via web. but suddenly 1 day I was "SQL INJECT" i don't know what they do that the injected me.how do I secure my pages this is what i only use to all my pages to prevent entering characters such as " ',%,!,@,#,$,%,^,&,*,(,),.," all special characters will not be allowed. are there any else in order to secure it.?
Code:
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Label2.Visible = False
Dim userCleared As New System.Text.StringBuilder
Dim QuestionCleared As New System.Text.StringBuilder
Dim AnswerCleared As New System.Text.StringBuilder
[code]....
and how do I secure to the Direct browser thing? when i checked the IIS7 logs. i saw one IP w/c went to the /Webresource.axd iidjjfme9393j 4m9 mdmf9 um45d m89fm8jhvrm9u9mu30306bm0n.
some like encryption i don't what is this.
View 6 Replies
Mar 22, 2011
SQL server 2005
I have created a reports project through SQL Business intelligence studio, There is shared data source in it. The name of the sharedata source is MyReport.rds.I have added two new items to the project (reports folder) with names Survey.rdl and myProjectReport.rdl.
Before deploying it, I have specified three properties ( Throgh the project properties)
1) TargetDataSourceFolder=DataSources
2)TargetReportFolder= reports
3)TargetServerURL=http://localhost/reportserver and deployed it.
When I view it in the browser through
http://localhost/Reports/Pages/Folder.aspx
I get my folder called reports, and when I click on it I can see two reports, it works till this stage.
I want to use the same report in Visual studio 2008 so I have done the following in VS 2008
Visual Studio 2008
1) Added a page
2) Added Reportviewer Control to the page
3) Click Properties of Reportviewer and Choose <server Rreport>
4) Set Report Server URL: http://localhost/reportserver
5) set Report Path= /reports/
It comes up with the following error:
The path of the item '/reports/' is not valid. The full path must be less than 260 characters long; other restrictions apply. If the report server is in native mode, the path must start with slash. (rsInvalidItemPath)
View 1 Replies
Jan 15, 2010
Question on installing SQL Server 2008 reporting services.
I have Visual Studio 2008 express edition installed, with the corresponding SQL Server 2008 express edition installed. Is it practical to use SQL Server 2008 Reporting Services with the express edition, or is it just to restrictive with the express edition to be practical? Keep in mind I just need to use it with my local database connection. What type of restrictions will there be, i.e. what can I and what can't I do with express edition? What would be the more ideal setup and what would the costs generally look like?
View 1 Replies
Oct 6, 2010
I am having some trouble upgrading an existing SQL Server 2000 Reporting Services installation from an old server to a new one commissioned for this purpose, which is running SQL Server 2008 Reporting Services. I have been following the instructions here: [URL] but after trying to connect with reporting services 2008, i get this error: The version of the report server database is either in a format that is not valid, or it cannot be read. The found version is 'C.0.6.54'. The expected version is '147'. (rsInvalidReportServerDatabase) before starting the process, I ran upgrade advisor and got back the following results:
Description Setup can upgrade a SQL Server 2000 Reporting Services instance that uses a SQL Server 2000 Database Engine in the same instance. However, upgrade is blocked if the report server database is in a different instance, on a remote instance, or runs on a remote SQL Server 2005 instance in SQL Server 2000 compatibility mode.
*****
*note, our reporting services IS in the same instance as the SQL Server 2000 database engine. However, upgrade advisor still reported that this instance can not be automatically upgraded.
*****
Corrective Action Choose either approach to continue with the upgrade: Upgrade the Database Engine instance on the remote computer before upgrading Reporting Services. The server cannot be in SQL Server 2000 compatibility mode after upgrade. Move the reportserver and reportservertempdb to a SQL Server 2005 or SQL Server 2008 Database Engine instance, and then use the Reporting Services Configuration tool to connect the report server to the database.
so, I went with option 2, move the database then connect. I have: -backed up the ReportServer and ReportServerTempDB databases from the old server, transferred them to the new and restored them to the 2008 Server as ReportServerOld. -I then renamed the old database to ReportServer and ReportServerTempDB, as this is required to use the database as a source apparently. I had to of course change the existing database names to ReportServerNew to perform the rename. I backed up the symetric key for this installation using the rskeymgmt utility...............
View 2 Replies
Jan 8, 2010
Report viewer from SQL reporting services in VS 2008 report control If I create a new report in VS 2008 they have a .rdlc extension and work correctly.
I have some reports that I was using in SQL reporting services. Extensions are .rdl and want to get them to work with VS 2008.
I copied the rdl files and the .rdl.data files over to VS 2008 (SP1) project but when I go to select the report in the control it does not see the file (I assume it is looking for a .rdlc file)
I tried rename the file to .rdlc and loaded the file up and got
The report definition has an invalid target namespace [URL] which cannot be upgraded.
I see this
[URL]
[URL]
It says
"RDL files are fully compatible with the ReportViewer control runtime. However, RDL files do not contain some information that the design-time of the ReportViewer control depends on for automatically generating data-binding code. By manually binding data, RDL files can be used in the ReportViewer control."
But the link for how to manual bind the data is broken.
View 2 Replies
Sep 13, 2010
I am truying to work in my PC with reporting services 2008, but I got this message:
The report server can not decrypt the symmetric key used to access sensitive or encrypted data in a database server reports. You must restore a key from a backup or delete the encrypted content.(RsReportServerDisabled) .
View 1 Replies
Feb 4, 2011
How to Find All the Web Services and Windows Services Running on a Server in ASP.Net. I have the server details with me and want to find all the Web services running on it.
View 1 Replies
Apr 3, 2010
I am using Visual Studio 2010 Release candidate1. I have to deploy my web application which consists of a website, certain window services, certain WCF services and Sql Server 2005 database.I read Vishal Joshi's blog(http://vishaljoshi.blogspot.com/2009/09/overview-post-for-web-deployment-in-vs.html) detaing Web Package in VS2010. I want to know how to deploy window services and WCF services using Web Package. Also, I want to create a web setup (.msi) for deployment instead of Web Package so that the .msi takes care of all the application and database deployment like the web package does.
View 1 Replies
Jul 20, 2010
I installed vs2010 in my machine and opened solution (of same version copied from other machine).
But getting stateservices error message..Moreover i am unable to find asp.net services in the list of services under serives.msc.
View 2 Replies
Feb 2, 2010
In ASP.NET MVC 2, to secure controller action, i have created a class RequirePermission inherited from ActionFilterAttribute class. The controller action looks like
[Code]....
Now instead of making different attributes , I want to use RequirePermission attribute like
[RequirePermission(permissions=Permissions.CanView+","+Permissions.CanEdit)] so that i can use it for different scenerious. but the compiler throw the following error. An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type
View 1 Replies
Mar 25, 2010
I have a asp.net website and I am accessing that web service from my iPhone app to get data.
The WCF web service produces data as JSON.I want to put some kind of authentication on the WCF. What you you guys recommend?
View 2 Replies
May 28, 2010
How to secure an Action filtered with Authorize method from a jQuery call? I have this Authorize filter and it work's cause users are redirected if not logged-in. But after logging-out then accessing previous open pages that needs authorization, they weren't redirected at all. This jQuery is initialize when a button is clicked,
jQuery.post(
"/controllername/IsUserActive", {
}, function (data) {
if (data){
$('#div_user_active').html(data);
{ else {
$('#div_user_active').html('Not Active');
}
}
);
then calls this Action method.
<Authorize()> _
Function IsUserActive() As Boolean
Return True '<<---this keeps returning even users are already logged-out.
End Function
Overall, I wanted ajax(jQuery) to update/read a portion of the page but gets redirected if not authorized.
View 1 Replies
Nov 14, 2010
We will be developing an ASP.NET application. It will store data in an SQL Server 2008 R2 installation. Most of the data is sensitive, so security is a primary concern.We will be hosting this in a shared environment, and it is a design goal that the data should be unreadable in the case of theft.
I am thinking of the following set up:
Encrypt the whole database using TDE. Users are created in the SQL Server users table, and we authenticate against that when users log in through the web interface.The intention is that if someone gets to the database, they will not be able to use the data. And no connection string with user credentials will need to be stored in the web.config file. Do you see any disadvantages to this approach? And how easy will it be to authenticate against the SQL Server as described?
View 3 Replies
Oct 26, 2010
I need something to secure my PDF files link ...
i have a page like http......../folder/userName.pdf
i need to to encrypt the file name ( i put it "login userName" ) ...
how do i let logged in users download their pdf files without knowing the URL above , for security reasons only ...
View 4 Replies
Sep 10, 2010
I need to create a single sign-on structure and my question is: is SSL a must?
Details:
The application will have a link to my web application. When the user clicks that link, their local username will be passed to my web app at which point a look-up in a mapping file is done. If that local username exists in the map, then the user is logged in. If not, then the user will be prompted to enter their network username and password, and when authenticated, an entry in the map will be created.
How do I ensure that user is who they say they are and not Joe Blow from off the street sending in an HTTP POST request with that username?
Do I have to use SSL (and if so, what does that entail)? Would adding a salt and encrypting the username be sufficient? Maybe locking it down so the source IP has to be within a controlled range?
My web app runs on IIS 6/7 and uses the ASP.NET MVC framework, if that is important.
View 3 Replies
Jul 4, 2010
I am trying to deploy a project for customers and i 'd like to be sure that code will be secured and cannot be hacked or seen , i know we can do that through the precompiled features but i don't konw how secure it is , and is there any other ways for this?also about the database can i protect it so as no one can open it see the tables or edit .... etc ?
View 1 Replies
Jan 6, 2011
My client has s website hosted under IIS 6. This website has a subsite as a virtual directory that we need to ensure is only accessed via HTTPS.
We have enabled HTTPS access to the sub-site, but because the root site is configured to use HTTP, this is being inherited by the sub-site and you can access it unsecured. How can we prevent this?
The only potential option I've found so far is this implementation of IHttpModule. Is there nothing in the web.config I can set, as you can the security on a WCF binding?
View 4 Replies
Mar 17, 2011
I have an existing website that I am adding a webservice (asmx) file too so that I can make client call backs to a certain function.I found this article on securing webmethods in an API [URL] a...ntication.aspx But is there a way to set the security up for the API itself instead of each individual webmethod? Kinda like have a page load method that gets called regardless of what API you are using and checks if you have a valid session.
View 1 Replies
May 27, 2010
I am taking dataset value in an xml file in asp.net webpage. But when I convetr and create a file of its it i saved as a plain text. to which user can easily open and change anything. But I want to limit user to change XML fie.
View 10 Replies
Jan 22, 2010
I am creating an online job application using a wizard control.
When the user has completed the application, the finish button will fire javascript to re-render the data & print the application(the application data will not be saved to a database, email, xml, etc).
I want to ensure the users' personal info is safe while postbacks are being made (ie clicking the next button in the wizard steps).
Can someone give me a start as to what I need to be looking to do?
I've seen some things about viewstate encryption, but not sure if that's where I should begin, and/or if that's the only thing I need to do.
Or, If I were to disable viewstate all together would that be good enough?
View 1 Replies
Apr 27, 2010
i have never encrypted any dlls. How to protect and secure compiled code, that cann't be extracted with the help of software like .net reflectors
View 1 Replies
Jun 17, 2010
Because of the way the server is set up I'm using, I don't think I can use Integrated Security=SSPI in my SQLConnection string. However, I'm a bit wary of giving the database username and password in the connection string in a aspx.cs file. Is there any way of making it more secure?
View 3 Replies
Sep 21, 2010
I am working on web application in which all of the data I am submitting back to the server is being done on the client side using JQuery AJAX calls to my .NET web services using JSON. This works perfectly to enhance my user experience and greatly reduces post backs, etc.What I am looking for suggestions on is securing the web services being exposed to the client side from being used by anything but my JQuery code on my site. The security hole that I see here is that since the client-side JQuery can access the web services, so could anything.
View 2 Replies
